IBM Support

Common EFS Errors and Solutions

Technote (FAQ)


Question

This document is a collection of errors encountered when using EFS and solutions to those issues.

Answer

1) Problem: Can't enable EFS on the system
# efsenable -a
/usr/lib/drivers/crypto/clickext: A file or directory in the path name does not exist.
Unable to load CLiC kernel extension. Please check your installation.

Solution:
Install CLiC filesets from AIX Expansion Pack CD

$ installp -l -d clic.rte
  Fileset Name                Level                     I/U Q Content
  ====================================================================
  clic.rte.includes           4.3.0.0                    I  N usr
#   CryptoLite for C Library Include File

  clic.rte.kernext            4.3.0.0                    I  N usr,root
#   CryptoLite for C Kernel

  clic.rte.lib                4.3.0.0                    I  N usr
#   CryptoLite for C Library


2) Problem: Can't enable EFS on the system

# efsenable -a
Unable to load CLiC kernel extension. Please check your installation.
(Please make sure latest version of clic.rte is installed.)


Double-check that you have installed the correct version of the CLIC filesets for your Technology Level of AIX.

For AIX 6100-01 use clic.rte.4.3.0.0.I on the Expansion Pack CD
For aix 6100-02 use clic.rte.4.5.0.0.I on the Expansion Pack CD

AIX 6100-03 has been updated to include clic.rte on the base media set to prevent boot issues on systems with EFS enabled. Use clic.rte.4.6.0.1.I

For AIX 6100 or 7100 use clic.rte.4.7.0.0.I or 4.10.0.1 which will be included in the base OS media.


3) Problem: Can't run efskeymgr:

$ efskeymgr -V
Problem initializing EFS framework. Please install latest version of clic.rte

Check that RBAC has been enabled on the system:

$ lsattr -EHl sys0 -a enhanced_RBAC

attribute     value description        user_settable
enhanced_RBAC false Enhanced RBAC Mode True

Solution:
If it is set to "false", enable it and reboot:

# chdev -l sys0 -a enhanced_RBAC=true
sys0 changed

# shutdown -Fr


4) Problem: Can't view user's key:

$ efskeymgr -v
Problem initializing EFS framework.
 Please check EFS is installed and enabled (see efsenable) on your system.
 Error was: (EFS was not configured)

Solution:
Enable EFS on the system:
# efsenable -a
and give root's password when it asks for root's initial keystore.


5) Problem: Can't enable encryption inheritiance on a directory.
# efsmgr -E testdir
or
Can't enable encryption on a specific file
# efsmgr -e myfile

 Problem initializing EFS framework.
 Please check EFS is installed and enabled on you system.
 Error was: (EFS was not configured)

Solution:
Make sure CLiC filesets are installed
Enable EFS on the system
Enable EFS and RBAC on the filesystem:

# chfs -a efs=yes /myfilesystem


6) Problem: Have enabled EFS on a filesystem but get error mounting:

# mount /efstest
The CLiC library (libclic.a) is not available. Install clic.rte and run 'efsenable -a'.

Solution:
Install CLiC filesets
Enable EFS on the system
Remount the filesystem



7) Problem: No encryption algorithms show up!
# efsenable -q
List of supported algorithms for keystores:
  1
  2
  3

List of supported ciphers for files:
  1
  2
  3
  4
  5
  6

Solution:
Install CLiC filesets

# efsenable -q
List of supported algorithms for keystores:
  1  RSA_1024
  2  RSA_2048
  3  RSA_4096

List of supported ciphers for files:
  1  AES_128_CBC
  2  AES_192_CBC
  3  AES_256_CBC
  4  AES_128_ECB
  5  AES_192_ECB
  6  AES_256_ECB

Document information

More support for: AIX family

Software version: 6.1

Operating system(s): AIX

Reference #: T1010704

Modified date: 30 May 2017


Translate this page: